Page Access Not Working

I have used Form Builder to create registration and login pages, ie. am not using the SA wizard. I have used the page access server behaviour to protect an admin homepage using

<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Administrator")){
WA_Auth_RestrictAccess("login_failed.php");
}
?>

at the top of the page.

The login page should redirect to the admin homepage on successful login.

The registration page works well but when I try to login I continually get redirected to my 'login denied' page. I have checked the actual username and password to make sure they are correct so it is not the wrong details.

The page access is based upon username, password and user level. In the MySQL table it has UserLevel as Int(11).

The SA Authenticate User behaviours code is:

<?php
if(isset($_POST["Securelogin_submit"])){
$WA_Auth_Parameter = array(
"connection" => $connDB,
"database" => $database_connDB,
"tableName" => "users",
"columns" => explode($WA_Auth_Separator,"username".$WA_Auth_Separator."password"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["Username"]))?$_POST["Username"]:"") ."".$WA_Auth_Separator."".WA_SHA1Encryption(((isset($_POST["Password"]))?$_POST["Password"]:"")) .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"memberID"),
"sessionNames" => explode($WA_Auth_Separator,"memberID"),
"successRedirect" => "admin_homepage.php",
"failRedirect" => "login_failed.php",
"gotoPreviousURL" => FALSE,
"keepQueryString" => FALSE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}
?>

From the code snippet you posted of the authenticate user server behavior, I see you are using password encryption.

Is the registration page storing the encrypted password as well?

An SHA1 encrypted string is 40 characters long, the Password database column needs to be set to except 40 characters or the string will be truncated. Double check that the password column is set as varchar(40)

I keep getting the redirect page as so below.

windmillpointemhc.com/login2.php?accesscheck=%2FPhotos_result.php%3F

I login correctly but the other pages that I have tried to make secure using Security Assist come up the same way for some reason I have to login again on each page and when complete the URL build comes back as I have shown above. The Photos_result.php of course is the page I was on at the time and it should of gone there but this is what happens.

Help please.

send a copy of the Photos_result.php page, the login page and the webassist/security_assist/helergrouprules.php files in a zip archive please.

I havn't done much editing but the changes I have made have not been to the wa_security programming

in the webassist/security_assist/helergrouprules.php file, there are 2 rules defined for "Login Success":
case "Log in success":
$comparisons[0] = array(TRUE, "".((isset($_GET['loggedIn']))?$_GET['loggedIn']:"") ."", 2, "");
break;
case "Log in success":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['SecurityAssist_UserID']))?$_SESSION['SecurityAssist_UserID']:"") ."", 1, "".$row_SecurityAssistusers['UserID'] ."");
break;


the second one should not be there.

also there is no rule defined for "Logged Into users"


define a new rule named "Logged Into users". set it to:
Allow If
Value: Click the lightning bolt and select the SecurityAssist_UserID session
Criteria: <>
Comparison: Leave this setting blank

on the Photos_result.php page use the "Logged Into users" rule as the access restriction.

Thanks again you guys are a huge help